
Add vcs webhook verification

Matej Bačo 2023-06-15 12:37:28 +02:00
parent 3cc3fb316c
commit 7d79e4146f
4 changed files with 16 additions and 5 deletions

3
.env

@ -83,4 +83,5 @@ _APP_CONSOLE_GITHUB_SECRET=
_APP_CONSOLE_GITHUB_APP_ID= _APP_CONSOLE_GITHUB_APP_ID=
VCS_GITHUB_APP_NAME= VCS_GITHUB_APP_NAME=
VCS_GITHUB_PRIVATE_KEY= VCS_GITHUB_PRIVATE_KEY=
VCS_GITHUB_APP_ID= VCS_GITHUB_APP_ID=
VCS_GITHUB_WEBHOOK_SECRET=


@ -401,8 +401,17 @@ App::post('/v1/vcs/github/incomingwebhook')
->inject('getProjectDB') ->inject('getProjectDB')
->action( ->action(
function (GitHub $github, Request $request, Response $response, Database $dbForConsole, callable $getProjectDB) use ($createGitDeployments) { function (GitHub $github, Request $request, Response $response, Database $dbForConsole, callable $getProjectDB) use ($createGitDeployments) {
$event = $request->getHeader('x-github-event', ''); $signature = $request->getHeader('x-hub-signature-256', '');
$payload = $request->getRawPayload(); $payload = $request->getRawPayload();
$signatureKey = App::getEnv('VCS_GITHUB_WEBHOOK_SECRET', '');
$valid = $github->validateWebhook($payload, $signature, $signatureKey);
if(!$valid) {
throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN, "Invalid webhook signature.");
}
$event = $request->getHeader('x-github-event', '');
$privateKey = App::getEnv('VCS_GITHUB_PRIVATE_KEY'); $privateKey = App::getEnv('VCS_GITHUB_PRIVATE_KEY');
$githubAppId = App::getEnv('VCS_GITHUB_APP_ID'); $githubAppId = App::getEnv('VCS_GITHUB_APP_ID');
$parsedPayload = $github->parseWebhookEventPayload($event, $payload); $parsedPayload = $github->parseWebhookEventPayload($event, $payload);
@ -716,4 +725,4 @@ App::get('/v1/vcs/github/installations/:installationId/repositories/:repositoryI
$detection['runtime'] = $runtime; $detection['runtime'] = $runtime;
$response->dynamic(new Document($detection), Response::MODEL_DETECTION); $response->dynamic(new Document($detection), Response::MODEL_DETECTION);
}); });
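Review bot: In the `/v1/vcs/github/incomingwebhook` hunk, `App::getEnv('VCS_GITHUB_WEBHOOK_SECRET', '')` falls back to an empty string, and the `.env` in this commit ships the variable empty, so on an install where the secret was never set the signature is checked against an empty key instead of the request being refused. `validateWebhook()` lives in utopia-php/vcs and is not visible here, but if it is a plain keyed hash over the payload, an empty key provides no authentication; I would fail closed with `if (empty($signatureKey) || !$github->validateWebhook($payload, $signature, $signatureKey)) {` and drop the `$valid` temporary. It is also worth confirming that the library compares digests with `hash_equals()` rather than `==`/`===`. The action closure continues past the end of the hunk.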

4
composer.lock generated

@ -2705,7 +2705,7 @@
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/utopia-php/vcs.git", "url": "https://github.com/utopia-php/vcs.git",
"reference": "46f4de30652a057a0c19a6975276a6be8e12606f" "reference": "01afc324865613f7b34ca9981745bfaaec8ec363"
}, },
"require": { "require": {
"adhocore/jwt": "^1.1", "adhocore/jwt": "^1.1",
@ -2750,7 +2750,7 @@
"utopia", "utopia",
"vcs" "vcs"
], ],
"time": "2023-06-12T12:48:43+00:00" "time": "2023-06-15T10:13:29+00:00"
}, },
{ {
"name": "utopia-php/websocket", "name": "utopia-php/websocket",


@ -180,6 +180,7 @@ services:
- VCS_GITHUB_APP_NAME - VCS_GITHUB_APP_NAME
- VCS_GITHUB_PRIVATE_KEY - VCS_GITHUB_PRIVATE_KEY
- VCS_GITHUB_APP_ID - VCS_GITHUB_APP_ID
- VCS_GITHUB_WEBHOOK_SECRET
appwrite-realtime: appwrite-realtime:
entrypoint: realtime entrypoint: realtime